Comarch Identity & Access Management

Comarch Identity & Access Management (CIAM) combines the functions of Identity Management and Access Management systems. It allows for a full control over the access to company's applications, workstations and VPNs.

Comarch Identity & Access Management comes with world-class methods for authentication, authorization, identity lifecycle and accountability. Its modular architecture makes it easy to adapt to specific types of organizations across hierarchies and geographies.

The system supports organizational workflow procedures and keeps all user accounts in all applications up-to-date. On top of that, it offers a smooth integration for access management and authorization purposes.

CIAM easily integrates with multiple devices and applications for strong authentication and authorization including smart cards, cryptographic certificates or hardware and software tokens. This fact significantly extends its use case scenarios.

Comarch Identity & Access Management may be used for adjusting role and access permissions, granting remote access to company’s IT resources or delegating privileges. It also provides vital assistance in meeting the GDPR and PSD2 requirements.

Module-based architecture

Comarch IAM comes with core and complementary modules that allow a customer to manage user identity and access in both small companies and large corporate enterprises.

Different modules provide customers with comprehensive services integrated under one seamless platform. There are 3 groups of modules: base, optional and additional. All of them compose the Comarch IAM Enterprise solution.

Comarch Identity & Access Management:

Central authentication and authorizationEnables aggregation of all services related to user authentication and authorization data validation.

Role-based Access Control (RBAC)Simplifies user management and ensures high flexibility by aggregating permissions from different applications.

Identity controlAllows for the management of all user identities and ensures appropriate persons have access to the required resources at specific times and for specific reasons.

Access managementEnables access to systems and resources across the entire enterprise based on the appropriate level of user permissions.

Support for diverse protocols and servicesIntegrates with Active Directory, LDAP and Kerberos protocols and Radius service.

Integration with PKI and smart cardsAllows the use of cryptographic certificates as an authentication method.

Seamless integrationSupports industry standards, such as SAML and OpenID Connect.

Workflow for multi-level acceptance schemesHelps reflect the organizational structure and allows for using the four-eye principle every time a user or their supervisor requests a new permission

How does Comarch IAM work?

The following diagram illustrates the position of the CIAM platform in the enterprise infrastructure and the importance of identity management software and access management software for protected data access.

Authentication and authorization methods

Integrated applications no longer need to perform user authentication: instead, the Comarch IAM Authentication Server is used for verifying the credentials. Authentication methods, required by each application, can be adjusted on the fly.

Below you can find the list of authentication methods available out of the box. Thanks to open architecture, it is possible to easily integrate additional methods (e.g. used by tokens of other vendors such as Vasco/OneSpan or Gemalto).

Static passwords
X.509 certificates
Hardware cryptographic tokens (i.e. Comarch tPro Token)
Hardware OTP tokens (Comarch tPro OTP)
Software OTP tokens (Comarch tPro Mobile)
LDAP bind
Radius protocol
Kerberos protocol
Support for different authentication methods based on „RESTful” API
Context-based authentication
Different combinations of authentication methods per system

Business advantages

Single Sign-OnAllows user to access multiple web applications with one set of login credentials.

Compliance with external regulations (GDPR, PSD2)Provides support for data portability, right to be forgotten, anonymization, pseudonymization as well as PSD2 requirements

Self-care portalAllows users to complete some administrative tasks by themselves, such as changing the password, or assigning a new token or mobile phone.

Delegation of dutiesEnables permission delegation to another user under constrained time horizons.

Comarch Identity and Access Management software

The growing complexity of organizational structures and the increasing number of applications used at companies make user management a time-consuming and complicated task. An enterprise can solve this problem by applying a centralized identity and access management solution, minimizing both human effort and error.

Comarch IAM may be used for adjusting role and access permissions, granting remote access to company’s IT resources or delegating privileges.

The crucial beneficiaries of this solution are EU-based companies processing sensitive and transaction data in accordance with GDPR or PSD2 requirements.

The other significant capabilities of the CIAM solution are:

Management of user and device identities in a large number of IT systems integrated with various applications and operating systems
Centralized and efficient access control policy at user and application level
Full accounting of end-user and administrator actions
Integration with “legacy” applications
Session management